Tool and guide to support and assess GDPR for educational institutions

The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, has a wide reach. Organizations which handle personal data of residents from the European Union (EU) are affected, regardless of their domicile. Taking into account the rapid changes that technology has been undergoing over the past years and the enhanced possibilities which allow data collection and analysis, the regulation aims to protect the citizens of the EU with regards to their personal data. Research and surveys have shown that those affected by the GDPR are often aware of the new regulation; however, shortly before the implementation deadline they did not seem to be fully ready and informed about what actually needed to be changed from an organizational perspective. Whils tlarge and midsized companies are the main focus of GDPR in the media and literature, this study will explore the implications of the GDPR on educational institutions, which seem to be left outside of the discussions in proven literature. By nature, the regulation does not offer clear guidelines on how it should be implemented. This leaves the educational institutions with the options to either interpret and manage the requirements and necessary changes independantly which can be quite time and resource consuming, or they need to hire a consulting company, which can cost a material amount of money....